Science and Technology News

Wednesday, December 5, 2012

Cyber Pro Discusses Mobile Network Security Challenges

By Amaani LyleAmerican Forces Press Service

WASHINGTON, Dec. 5, 2012 – With more than 680,000 mobile devices
in use across the Defense Department, they are quickly emerging as a
critical component of military communications -- bringing a plethora of
new security risks, a defense official told attendees at the Defense
Logistics 2012 conference yesterday.

Dr. Robert Young, cybersecurity director in the DOD office of the
chief information officer, outlined some of the devices in use and the
ongoing importance of vulnerability counter-measures such as back-ups,
the cloud, authentication and secure applications.

“We need to be
thinking about how we can we do mobile computing with security,” Young
said.

“Your mobile device is going to replace your laptop [and contain]
unclassified and classified information … so we have to start thinking
of the [operational security] piece of this.”

According to Young,
threats and challenges faced by mobile device users include loss of
device, data recovery, collection over the air, vulnerability
applications, malware and tracking.

Devices and platform
variations also create unique challenges in building a secure,
impenetrable network -- something that’s especially daunting due to
limited lead time in the production cycle, he said.

“Sixty days
from now, the devices being made in Taiwan, China, Singapore, wherever,
will not be supported anymore,” Young said. “They’ll be the next model
and the next model … so we need to stop looking at the device and …
start looking at the data.”

Young also noted that BlackBerry,
while effective for encryption, is, as of yet, the only platform used
for secure communications, which in and of itself creates
vulnerabilities.

“We don’t want to have just one operating
system,” Young said. “And every device is different … solutions,
logistics and acquisitions are not one-size-fits-all.”

The
ubiquity and affordability of cell phones in the hands of hackers and
adversaries creates a considerable threat, Young explained. He cited an
example of villagers in Afghanistan who can ride into town, send their
data, charge their phones then shut down and leave without a trace.

“There are 48 million people in the world who have mobile phones who
don’t have electricity at home,” Young said. “How are you going to find
this individual [or] find the footprint?”

Even iPhones for sale
in Afghanistan can pose risks, Young said, adding that the devices could
actually trigger an improvised explosive device.

“I could make a
designer bomb if I know the [mobile equipment identity number] of your
iPhone or iPad,” Young said. “I just look for the signal that’ll ping
out.”

Equally dire are the consequences of a compromised database such as mobile device electronic serial numbers, he added.

“Once it pinged and I saw [the MEID], I would know where your soldier, sailor or Marine is deployed,” Young said.

As smart phones become even smarter, users will soon see mobile devices
do much more than transfer data. Young described the use of iPhones in
medical settings, where the devices can now enhance triage efficacy by
checking vital signs including pulse and body temperature.

“That’s smart use of [technology] -- knowing how not to waste resources and who I’m going to treat,” Young said.

Still, the DOD must remain vigilant in mobile device management to
buffer hackers that can range in age, location or intent, but are
typically obsessive-compulsive about penetrating a system, Young said.
He shared a recent experiment about his efforts to identify and
understand such activity.
“My tasking was to find a 13-year-old
kid and give him an iPhone, [with him] using on-the-web devices and
on-the-web [applications] to hack and crack into our [system],” Young
said. “He did it.”

With “for official use only,” secret and top
secret platforms cohabitating on mobile devices with the appropriate
encryptions, physical and virtual security must remain a priority, Young
asserted.
Currently no personal or “BYOD” devices are approved
for use with for official use only data, but major pilot programs using
iOS, Android and BlackBerry are in the works, Young said.